MINOR: server: enable more keywords for ssl checks for dynamic servers

Allow to configure ssl support for dynamic server checks independently of the ssl server configuration. This is done via the keyword "check-ssl". Also enable to configure the sni/alpn used for the check via "check-sni/alpn".
2025-11-28 22:31:06 +01:00 · 2021-09-20 15:15:19 +02:00 · 2021-09-20 15:15:19 +02:00 · 79b90e8cd4
commit 79b90e8cd4
parent b621552ca3
3 changed files with 8 additions and 4 deletions
--- a/doc/management.txt
+++ b/doc/management.txt
@ -1507,8 +1507,11 @@ add server <backend>/<server> [args]*
  - backup
  - ca-file
  - check
+  - check-alpn
  - check-proto
  - check-send-proxy
+  - check-sni
+  - check-ssl
  - check-via-socks4
  - ciphers
  - ciphersuites
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@ -1887,9 +1887,9 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 	{ "allow-0rtt",              srv_parse_allow_0rtt,         0, 1, 1 }, /* Allow using early data on this server */
 	{ "alpn",                    srv_parse_alpn,               1, 1, 1 }, /* Set ALPN supported protocols */
 	{ "ca-file",                 srv_parse_ca_file,            1, 1, 1 }, /* set CAfile to process verify server cert */
-	{ "check-alpn",              srv_parse_check_alpn,         1, 1, 0 }, /* Set ALPN used for checks */
-	{ "check-sni",               srv_parse_check_sni,          1, 1, 0 }, /* set SNI */
-	{ "check-ssl",               srv_parse_check_ssl,          0, 1, 0 }, /* enable SSL for health checks */
+	{ "check-alpn",              srv_parse_check_alpn,         1, 1, 1 }, /* Set ALPN used for checks */
+	{ "check-sni",               srv_parse_check_sni,          1, 1, 1 }, /* set SNI */
+	{ "check-ssl",               srv_parse_check_ssl,          0, 1, 1 }, /* enable SSL for health checks */
 	{ "ciphers",                 srv_parse_ciphers,            1, 1, 1 }, /* select the cipher suite */
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 	{ "ciphersuites",            srv_parse_ciphersuites,       1, 1, 1 }, /* select the cipher suite */
--- a/src/server.c
+++ b/src/server.c
@ -4563,7 +4563,8 @@ static int cli_parse_add_server(char **args, char *payload, struct appctx *appct
 		goto out;
 	}

-	if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL)) {
+	if (srv->use_ssl == 1 || (srv->proxy->options & PR_O_TCPCHK_SSL) ||
+	    srv->check.use_ssl == 1) {
 		if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv) {
 			if (xprt_get(XPRT_SSL)->prepare_srv(srv))
 				goto out;